From: shridhar kalavagunta <coolshrid@hotmail.com>
Date: Tue, 2 Dec 2025 23:31:58 +0000 (-0600)
Subject: Fixes issue 28885
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9547ac72f04ab7b0fea627ef790a14b32d42ec49;p=thirdparty%2Fopenssl.git

Fixes issue 28885

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Mon Jan 19 11:55:58 2026
(Merged from https://github.com/openssl/openssl/pull/29297)
---

diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c
index 51f0950a16f..0de08270dd8 100644
--- a/ssl/tls_srp.c
+++ b/ssl/tls_srp.c
@@ -193,12 +193,15 @@ int ssl_srp_server_param_with_username_intern(SSL_CONNECTION *s, int *ad)
     OPENSSL_cleanse(b, sizeof(b));
 
     /* Calculate:  B = (kv + g^b) % N  */
+    s->srp_ctx.B = SRP_Calc_B_ex(s->srp_ctx.b, s->srp_ctx.N, s->srp_ctx.g,
+        s->srp_ctx.v, sctx->libctx, sctx->propq);
+    if (s->srp_ctx.B == NULL) {
+        BN_clear_free(s->srp_ctx.b);
+        s->srp_ctx.b = NULL;
+        return SSL3_AL_FATAL;
+    }
 
-    return ((s->srp_ctx.B = SRP_Calc_B_ex(s->srp_ctx.b, s->srp_ctx.N, s->srp_ctx.g,
-                 s->srp_ctx.v, sctx->libctx, sctx->propq))
-               != NULL)
-        ? SSL_ERROR_NONE
-        : SSL3_AL_FATAL;
+    return SSL_ERROR_NONE;
 }
 
 int SSL_srp_server_param_with_username(SSL *s, int *ad)